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DETAILED ACTION 
Priority 

The later-filed application must be an application for a patent for an invention 
which is also disclosed in the prior application (the parent or original non-provisional 
application or provisional application); the disclosure of the invention in the parent 
application and in the later-filed application must be sufficient to comply with the 
requirements of the first paragraph of 35 U.S.C. 112. See Transco Products, Inc. v. 
Performance Contracting, tnc. % 38 F.3d 551, 32 USPQ2d 1077 (Fed. Cir. 1994). 

Information Disclosure Statement 

1. The information disclosure statement (IDS) submitted on 07/09/01 and 09/21/01 
were filed after the mailing date of the 3 rd on May 2001. The submission is in 
compliance with the provisions of 37 CFR 1.97. Accordingly, the examiner is 
considering the information disclosure statement. 

Claim Rejections - 35 USC § 101 

2. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of 
matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the 
conditions and requirements of this title. 

3. Claims 1-30, 99-110, and 115-118 are rejected under 35 U.S.C. 101 because the 
claimed invention is directed to non-statutory subject matter. 

The basis of this rejection is set forth in a two prong test of: 

(1) . whether the invention is within the technological arts; and 

(2) whether the invention produces a useful, concrete, and tangible result. 
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For a claimed invention to be statutory, the claimed invention must be within the 
technological arts. Mere idea in the abstract (i.e. abstract ideas, law of nature, natural 
phenomena) that do not apply, involve, use, or advance the technological arts fail to 
promote the "progress of science and the useful arts" (i.e. physical sciences as opposed 
to social sciences for example), and therefore are found to be non-statutory subject 
matter. For a process claim to pass muster, the recited process must somehow apply, 
use or advance the technological arts. 

In the present case, Claim 1 is directed to "a method for conducting a consistent, 
documented and yet repeatable compliance risk assessment and mitigation process, 
using a network-based system including a server system coupled to a centralized 
database and at least one client system, said method comprising the steps of: 

conducting a compliance program assessment; 

conducting a prioritization of compliance risks; 

identifying, for each compliance risk area, potential compliance failures and 
potential causes and effects of such compliance failures; and 

ensuring that risk monitoring and control mechanisms are in place to mitigate 
compliance risks." 

In the present case, Claim 1 does not require any technology. The recited steps 
for conducting a consistent, documented and yet repeatable compliance risk 
assessment and mitigation process does not apply, involve, use, or advance the 
technological arts since all of the recited steps can be done with no technology at all. 
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The recited steps only constitute an idea for conducting a consistent, documented and 
yet repeatable compliance risk assessment and mitigation process. 

Additionally, for a claimed invention to be statutory, the claimed invention must 
produce a useful (specific utility), concrete (repeatability and/or implementation without 
undue experimentation), and tangible (a real or actual affect) result. 

Claim Rejections - 35 USC §112 

4. The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter, which the applicant regards as his invention. 

5. Claims 1-118 are rejected under 35 U.S.C. 112, second paragraph, as being 
indefinite for failing to particularly point out and distinctly claim the subject matter which 
applicant regards as the invention. 

In claim 1, it is not clear what is the scope of the claimed invention and how the 
steps are implemented to achieve the scope of the claimed invention? Is it enhancing 
business development approach or maximizing the company market evaluation or 
launching a business. Applicant is recommended to insert an objective of the claimed 
invention in the preamble to improve clarity. Conducting a consistent, documented and 
yet repeatable compliance risk assessment and migration process is not a proper scope 
of the claimed invention. 

Claims 63-75, additional clarification is needed due to terms computer and 
computer program. Computer and computer program are two different things. 
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Claim Rejections - 35 USC § 102 

6. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was. described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

7. Claims 1-118 are rejected under 35 U.S.C. 102(e) as being anticipated by US 
Patent No. 6,148,297 (SWOR ET AL). 

As for Claim 1_, SWOR discloses a method for conducting a consistent, 
documented and yet repeatable compliance risk assessment and mitigation process, 
using a network-based system including a server system coupled to a centralized 
database and at least one client system, said method comprising the steps of: 

conducting a compliance program assessment {See Fig. 2, Element 61}; 

conducting a prioritization of compliance risks {See Fig. 2, Element 62}; 

identifying, for each compliance risk area, potential compliance failures and 
potential causes and effects of such compliance failures {See Fig. 2, Element 74}; and 

ensuring that risk monitoring and control mechanisms are in place to mitigate 
compliance risks {See Fig. 2, Element 76}. 

As for Claim 2, SWOR discloses a method according to Claim 1 wherein said 
step of conducting a compliance program assessment further comprises the steps of: 

developing a binary questionnaire {See Fig. 4A, Element 643}; 
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assembling a cross functional team {See Fig. 4A, Element 644};, 

defining what constitutes a "yes" answer for each question in the binary 
questionnaire {See Fig. 6A2, Element 725}; 

identifying and interviewing process owners for the questionnaire answers {See 
Fig. 6A2, Element 726}; 

compiling interview results {See Fig. 3, Element 621}; and 

summarizing findings and reviewing final results with compliance and functional 
leaders {See Fig. 3, Element 622}. 

As for Claim 3, SWOR discloses a method according to Claim 1 wherein said 
step of conducting a prioritization of compliance risks further comprises the steps of: 

identifying the compliance risks of at least one of business processes, products, 
environment, and location {See Fig. 3, Element 62}; and 

prioritizing the business highest risks {See Fig. 3, Element 624}. 

As for Claim 4, SWOR discloses a method according to Claim 1 wherein said 
step of identifying further comprises the steps of: 

analyzing identified high compliance risk areas to determine potential compliance 
failures and root causes {See Fig. 6A2, Element 722}; and 

prioritizing actions that need to be taken {See Fig. 6A2, Element 723}; and 

developing policy scorecards to be used as a monitoring and reporting tool {See 
Fig. 6A2, Element 730}. 

As for Claim 5, SWOR discloses a method according to Claim 1 wherein said 
step of identifying further comprises the steps of: 
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reassembling the cross functional team that was initially used to conduct the 
compliance program assessment {See Fig. 6D, Element 745}; 

mapping high risk process steps {See Fig. 6D, Element 746}; 

beginning a construction of a Failure Mode in Effect Analysis (FEMA) {See Fig. 
6D, Element 747}; 

assigning severity, occurrence and detection Factors {See Fig. 6D, Element 

748}; 

calculating Risk Prioritization Numbers (RPN) {See Fig. 2, Element 74}; 

defining recommended actions to reduce RPNs {See Fig. 2, Element 75}; and 

defining scorecard content and format {See Fig. 2, Element 76}. 

As for Claim 6, SWOR discloses a method according to Claim 1 wherein said 
step of ensuring that risk monitoring and control mechanisms are in place, further 
comprises the steps of: 

establishing appropriate controls to provide guidance to the business {See Fig. 2, 
Element 62}; and 

monitoring that the appropriate controls to mitigate compliance risks {See Fig. 2, 
Element 631}. 

As for Claim 7, SWOR discloses a method according to Claim 1 wherein said 
step of ensuring that risk monitoring and control mechanisms are in place, further 
comprises the steps of: 

developing action items {See Fig. 2, Element 651};. 
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ensuring that the developed action items are completed in a timely manner {See 
Fig. 2, Element 641}; and 

establishing and monitoring the controls to mitigate compliance risks {See Fig. 2, 
Element 644}. 

As for Claim 8, SWOR discloses a method according to Claim 2 wherein said 
step of identifying and interviewing process owners further comprises the steps of: 

identifying and interviewing for compliance using a knowledge base {See Fig. 2, 
Element 651}; and 

identifying and interviewing for compliance using a question owner's matrix {See 
Fig. 2, Element 661}. 

As for Claim 9, SWOR discloses a method according to Claim 2 wherein said 
step of compiling interview results further comprises the step of compiling interview 
results using a spreadsheet configured for automatically converting the results from 
qualitative to quantitative and further configured to tabulate and graph the results {See 
Fig. 2, Element 644}. 

As for Claim 10, SWOR discloses a method according Claim 2 wherein said step 
of summarizing findings further comprises the step of summarizing the results of the 
assessment of at least one compliance program using at least one of a program 
assessment summary and a policy assessment summary {See Fig. 2, Element 74}. 

As for Claim 1 1 , which has the same. limitations as in Claim 5, therefore, it is 
rejected for the similar reasons set forth in Claim 5. 
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As for Claim 12, SWOR discloses a method according to Claim 11 wherein said 
step of mapping the high level business risk model further comprises the steps of: 

identifying core processes and products of a business {See Fig. 6A2, Element 

722}; 

associating business risk with the core processes and products of a business 
{See Fig. 6B, Element 731} ; and 

associating business risk with compliance requirements {See Fig. 6B, Element 

737}. 

As for Claim 13, SWOR discloses a method according to Claim 11 wherein said 
step compiling a list of compliance requirements further comprises the step of compiling 
a list of compliance requirements including at least one of a company declared policy 
and/or practice, legal and regulatory requirements of a business, contractual 
requirements, compliance risks and internal requirements {See Fig. 3, Element 621}. 

As for Claim 14, SWOR discloses a method according to Claim 1 1 wherein said 
step of prioritizing the list of compliance requirements further comprises prioritizing the 
severity level of non-compliance using a severity matrix {See Fig. 3, Element 624}. 

As for Claim 15, SWOR discloses a method according to Claim 11 wherein said 
step of beginning construction of the quality function deployment (QFD) further 
comprises the steps of: 

beginning construction of the QFD using information generated in mapping the 
high level business risk model with a compliance requirements list developed in making 
a severity matrix {See Fig. 4A, Element 642}; and 
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quantifying the results using a risk QFD matrix {See Fig. 4A, Element 644}. 

As for Claim 16, SWOR discloses a method according to Claim 11 wherein said 
step of assessing and valuating compliance policies further comprises the steps of: 

assessing business routines and controls to ensure compliance with each policy 
{See Fig. 4B, Element 640}; and 

determining a quality function deployment (QFD) score {See Fig. 4B, Element 

645}. 

As for Claim 17, SWOR discloses a method according to Claim 16 wherein said 
step of determining a quality function deployment (QFD) score further comprises the 
step of determining a QFD score as 

process strength rating x severity rating {See Fig. 4A, Element 644}. 

As for Claim 18, SWOR discloses a method according to Claim 16 wherein said 
step of determining a quality function deployment (QFD) score further comprises 
automatically entering the score into a risk QFD {See Fig. 4A, Element 643}. 

As for Claim 19, SWOR discloses a method according to Claim 1 1 wherein said 
step of prioritizing risk areas further comprises summarizing findings from the risk 
quality function deployment (QFD) using a risk prioritization matrix {See Fig. 4A, 
Element 642}. 

As for Claim 20, SWOR discloses a method according to Claim 1 1 further 
comprising the step of identifying the top three to five compliance requirements having 
the highest risk {See Fig. 2, Element 74}. 
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As for Claim 21, SWOR discloses a method according to Claim 5 wherein said 
step of mapping the high-risk process steps comprises the steps of: 
creating a process map {See Fig. 2, Element 61}; and 

creating a process map within a failure mode and effect analysis matrix {See Fig. 
2, Element 62}. 

As for Claim 22, SWOR discloses a method according to Claim 5 wherein said 
step of beginning the construction of a failure mode and effect analysis matrix further 
comprises the steps of determining potential failure modes for each step in a process, 
brainstorming potential effects of the failure identifying potential causes of the failures 
and documenting current controls {See Fig. 2, Element 640}. 

As for Claim 23, SWOR discloses a method according to Claim 5 wherein said 
step of assigning severity, occurrence and detection factors further comprises 
automatically entering the assigned factors into the failure mode and effect analysis 
matrix {See Fig. 2, Element 644}. 

As for Claim 24, SWOR discloses a method according to Claim 5 wherein said 
step of determining risk prioritization numbers further comprises determining the risk 
prioritization numbers as 

severity rating x occurrence rating x detection rating {See Fig. 2, Element 74}. 

As for Claim 25, SWOR discloses a method according to Claim 5 wherein said 
step of defining recommended actions to reduce the risk prioritization numbers further 
includes the step of automatically entering at least one of the recommended actions, an 
owner of the recommended action and expected date of completion of the 
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recommended action into the failure mode and effect analysis matrix {See Fig. 3, 
Element 622}. 

As for Claim 26, SWOR discloses a method according to Claim 5 wherein said 
step of defining recommended actions to reduce the risk prioritization number further 
comprises the steps of automatically reassigning ratings and re-determining the risk 
prioritization numbers {See Fig. 6D, Element 745}. 

As for Claim 27, SWOR discloses a method according to Claim 5 further 
comprising the step of monitoring progress in reducing the risk prioritization numbers 
{See Fig. 6D, Element 746}. 

As for Claim 28, SWOR discloses a method according to Claim 27 wherein the 
step of monitoring progress in reducing the risk prioritization numbers comprises 
monitoring progress in reducing the risk prioritization numbers using policy scorecards 
{See Fig. 6D, Element 747}. 

As for Claim 29, SWOR discloses a method according to Claim 1 further 
comprising the steps of compiling an actions items list and creating at least one policy 
dashboard {See Fig. 6D, Element 748}. 

As for Claim 30, SWOR discloses a method according to Claim 1 further 
comprising the step of monitoring metrics relating to training {See Fig. 6D, Element 
749}. 

As for Claim 31, SWOR discloses a system for identifying and quantifying 
compliance comprising: 

at least one computer {See Fig. 2, Element 14}; 
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a server configured to read input information relating to identifying and 
quantifying compliance, assess at least one compliance program, prioritize risk, identify 
issues relating to the risk and mitigate and control to resolve the issues {See Fig. 2, 
Element 14}; 

a network connecting said computer to said server {See Fig. 2, Element 12}; and 

a user interface allowing a user to input information relating to identifying and 
quantifying compliance {See Fig. 2, Element 50}. 

As for Claim 32, SWOR discloses a system according to Claim 31 wherein said 
server configured to assess at least one compliance program is further configured to 
assemble a cross function team, identify and interview for compliances compile 
interview results and summarize the results of the assessment of at least one 
compliance program {See Fig. 2, Element 61}. 

As for Claim 33, SWOR discloses a system according to Claim 32 wherein said 
server configured to assemble a cross-functional team is configured to assemble a 
cross-functional team using a knowledge base within said server {See Fig. 2, Element 
14}. 

As for Claim 34, SWOR discloses a system according to Claim 32 wherein said 
server configured to assemble a cross-functional team using a knowledge base is 
further configured to create a questionnaire that includes a plurality of binary questions 
relating to compliance and define what constitutes an affirmative answer to the 
questions {See Fig. 2, Element 651}. 
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As for Claim 35, SWOR discloses a system according to Claim 32 wherein said 
server configured to identify and interview for compliance is configured to identify and 
interview for compliance using a knowledge base within said server {See Fig. 2, 
Element 644}. 

As for Claim 36, SWOR discloses a system according to Claim 35 wherein said 
server configured to identify and interview for compliance is farther configured to identify 
and interview for compliance using a question owner's matrix {See Fig. 3, Element 621}. 

As for Claim 37, SWOR discloses a system according to Claim 32 wherein said 
server configured to compile interview results using a spreadsheet is configured to 
compile interview results using a spreadsheet configured for automatically converting 
results from qualitative to quantitative and to tabulate and graph results {See Fig. 2, 
Element 644}. 

As for Claim 38, SWOR discloses a system according to Claim 32 wherein said 
server configured to summarize the results of the assessment is configured to 
summarize the results of the assessment using at least one of program assessment 
summary and a policy assessment summary {See Fig. 2, Element 74}. 

As for Claim 39, SWOR discloses a system according to Claim 31 wherein said 
server configured to prioritize the risk is further configured to map a high level business 
risk model, compile a list of compliance requirements, prioritize the list of compliance 
requirements, construct a quality function deployment (QFD) matrix, assign a severity 
rating for non-compliance with requirements, assess and valuate compliance policies, 
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identify at least one immediate risk and prioritize compliance risks areas {See Fig. 3, 
Element 621}. 

As for Claim 40, SWOR discloses a system according to Claim 39 wherein said 
server configured to map the high level business risk model is further configured to 
identify at least one core process and product of a business, associate business risk 
with at least one core process and product of a business and associate business risk 
with compliance requirements {See Fig. 3, Element 624}. 

As for Claim 41, SWOR discloses a system according to Claim 39 wherein said 
server configured to compile a list of compliance requirements is configured to compile 
a list of compliance requirements including at least one of a company declared policy 
and/or practice, legal and regulatory requirements of a business, contractual 
requirements, compliance risks and internal requirements {See Fig. 2, Element 74}. 

As for Claim 42, SWOR discloses a system according to Claim 39 wherein said 
server configured to prioritize the list of company requirements is configured to prioritize 
the severity level of each occurrence of non-compliance in accordance with a severity 
matrix {See Fig. 3, Element 624}. 

As for Claim 43, SWOR discloses a system according to Claim 39 wherein said 
server configured to construct the quality function deployment (QFD) matrix is further 
configured to construct the QFD matrix using information generated in mapping the high 
level business risk model with the compliance requirements list developed in creating a 
severity matrix {See Fig, 4A, Element 642}. 
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As for Claim 44, SWOR discloses a system according to Claim 39 wherein said 
server configured to construct the quality function deployment (QFD) matrix is 
configured to quantify results using a risk QFD matrix {See Fig. 4A, Element 644}. 

As for Claim 45, SWOR discloses a system according to Claim 39 wherein said 
server configured to assess and evaluate compliance policies is configured to assess 
business routines and controls to ensure compliance with each policy and determine a 
quality function deployment (QFD) score {See Fig. 4A, Element 644}. 

As for Claim 46, SWOR discloses a system according to Claim 45 wherein said 
server configured to determine a quality function deployment (QFD) score is configured 
determine a QFD score as 

process strength rating X severity rating {See Fig. 4A, Element 644}. 

As for Claim 47, SWOR discloses a system according to Claim 45 wherein said 
server configured to determine a quality function deployment (QFD) score is farther 
configured to automatically enter the QFD score into a risk QFD matrix {See Fig. 4A, 
Element 643}. 

As for Claim 48, SWOR discloses a system according to Claim 39 wherein said 
server configured to prioritize compliance risk areas is further configured to summarize 
findings from the risk quality function deployment (QFD) matrix in accordance with a risk 
prioritization matrix {See Fig. 4A, Element 642}. 

As for Claim 49, SWOR discloses a system according to Claim 39 wherein said 
server is further configured to identify the top three to five compliance requirements 
having the highest risk {See Fig. 2, Element 74}. 
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As for Claim 50, SWOR discloses a system according to Claim 31 wherein said 
server configured to identify issues relating to risk is further configured to assemble a 
cross-functional team, map the high risk process steps, construct a failure mode and 
effect analysis matrix, assign severity, occurrence and detection factors, determine risk 
prioritization numbers and define recommended actions to reduce the risk prioritization 
numbers {See Fig. 6D, Element 745}. 

As for Claim 51, SWOR discloses a system according to Claim 50 wherein said 
server configured to map the high-risk process steps is further configured to create a 
process map {See Fig. 2, Element 61}. 

As for Claim 52, SWOR discloses a system according to Claim 50 wherein said 
server configured to create a process map is configured to create a process map in 
accordance with a failure mode and effect analysis matrix {See Fig. 2, Element 644}. 

As for Claim 53, SWOR discloses a system according to Claim 50 wherein said 
server configured to construct a failure mode and effect analysis matrix is further 
configured to determine potential failure modes for each step in a process, brainstorm 
potential effects of the failures to identify potential causes of the failures and documents 
current controls {See Fig. 2, Element 640}. 

As for Claim 54, SWOR discloses a system according to Claim 50 wherein said 
server configured to determine risk prioritization number is configured to determine risk 
prioritization numbers as 

severity rating x occurrence rating x detection rating {See Fig. 2 Element 74}. 
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As for Claim 55, SWOR discloses a system according to Claim 50 wherein said 
server configured to assign a severity rating, occurrence and detection factors is further 
configured to enter the assigned factors into the failure mode and effect analysis matrix 
{See Fig. 2, Element 622}. 

As for Claim 56, SWOR discloses a system according to Claim 50 wherein said 
server configured to define recommended actions is further configured to automatically 
enter at least one of the recommended actions, an owner of the recommended action, 
and expected date of completion of the recommended action into the failure mode and 
effect analysis matrix {See Fig. 3, Element 622}. 

As for Claim 57, SWOR discloses a system according to Claim 50 wherein said 
server configured to define recommended actions to reduce the risk of prioritization 
numbers is further configured to reassign ratings and re-determine the risk prioritization 
numbers {See Fig. 6D, Element 746}. 

As for Claim 58, SWOR discloses a system according to Claim 50 wherein said 
server is further configured to monitor progress in reducing the risk prioritization 
numbers using policy scorecards {See Fig. 6D, Element 747}. 

As for Claim 59, SWOR discloses a system according to Claim 50 wherein said 
server configured to mitigate is further configured to compile an actions items list and 
create at least one policy dashboard {See Fig. 6D, Element 748}. 

As for Claim 60, SWOR discloses a system according to Claim 31 wherein said 
server is configured to allow a user to submit information relating to the identification 
and quantification of compliance via the Internet {See Fig. 2, Element 14}. 
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As for Claim 61 , SWOR discloses a system according to Claim 31 wherein said 
server is configured to allow a user to submit information relating to the identification 
and quantification of compliance via an Internet {See Fig. 2, Element 14}. 

As for Claim 62, SWOR discloses a system according to Claim 31 wherein said 
network is one of a wide area network and a local area network {See Fig. 2, Element 
14}. 

As for Claim 63, SWOR discloses a computer programmed to: 
prompt a user to identify potential risks and failure modes and root causes 
associated with the risks within a compliance program {See Fig. 2, Element 61}; 
prioritize the risks {See Fig. 2, Element 62}; and 

prompt the user with at least one mitigation plan to deal with at least one of the 
identified risks, failure modes, and root causes {See Fig. 2, Element 74}. 

As for Claim 64, SWOR discloses a computer according to Claim 63 further 
programmed to prompt a user to identify process owners within the compliance program 
{See Fig. 2, Element 61}. 

As for Claim 65, SWOR discloses a computer according to Claim 63 wherein to 
identify the risks and failure modes and root causes, said computer displays a computer 
generated screen comprising a questionnaire relating to compliance {See Fig. 4A, 
Element 643}. 

As for Claim 66, SWOR discloses a computer according to Claim 65 wherein the 
questionnaire comprises a question owner's matrix {See Fig. 2, Element 661}. 
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As for Claim 67, SWOR discloses a computer according to Claim 66 wherein 
said question owners matrix comprises a listing of compliance assessment areas {See 
Fig. 4A, Element 642}. 

As for Claim 68, SWOR discloses a computer according to Claim 63 further 
programmed to calculate a percentage of compliance {See Fig. 2, Element 74}. 

As for Claim 69, SWOR discloses a computer according to Claim 65, said 
computer further programmed to tabulate and graph questionnaire results {See Fig. 3, 
Element 622}. 

As for Claim 70, SWOR discloses a computer according to Claim 63 wherein to 
prompt a user with a mitigation plan, said computer displays a computer generated 
screen comprising at least one of a completed questionnaire, a summary of current 
status, improvement opportunities, action plans, potential best practices, a program 
summary and a policy assessment summary {See Fig. 3, Element 622}. 

As for Claim 71 , SWOR discloses a computer according to Claim 63 wherein to 
prioritize the risks said computer is programmed to: 

assess compliance risk {See Fig. 6D, Element 745}; and 

relate risks to processes, products and environments {See Fig. 6D, Element 

747}. 

As for Claim 72, SWOR discloses a computer according to Claim 63 wherein to 
prioritize the risks said computer is programmed to prioritize a list of compliance 
requirements based upon a severity of non-compliance {See Fig. 6A2, Element 723}. 
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As for Claim 73, SWOR discloses a computer according to Claim 72 further 
programmed to organize the list of compliance requirements using a severity matrix 
format {See Fig. 2, Element 661}. 

As for Claim 74, SWOR discloses a computer according to Claim 72 further 
programmed to generate a risk quality function deployment matrix, using compliance 
requirements and severity ratings for non-compliance of each compliance requirement 
{See Fig. 4B, Element 645}. 

As for Claim 75, SWOR discloses a computer according to Claim 72 further 
programmed to calculate risk prioritization numbers using at least one of severity 
ratings, a likelihood of occurrence factor and a detection ability factor {See Fig. 2, 
Element 644}. 

As for Claim 76, SWOR discloses a computer program embodied on computer 
readable medium for managing compliance risk assessment to enable businesses to 
develop broader and deeper coverage of compliance risks, using a network based 
system including a server system coupled to a centralized database and at least one 
client system, said computer program comprising a code segment that: 

develops a questionnaire based on list of compliance requirements and stores 
the questionnaire into a centralized database {See Fig. 4A, Element 643}; 

records and processes qualitative responses against each of the questions 
identified in the questionnaire {See Fig. 6A2, Element 725}; 
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converts the qualitative responses to quantitative results based on pre- 
determined criteria and develops compliance risk assessment output to enable 
businesses to reduce risks and improve profits {See Fig. 3, Element 62}. 

As for Claim 77, SWOR discloses the computer program as recited in Claim 76 
further comprising a code segment that compiles list of compliance requirements and 
prioritizes list of compliance requirements based on relative severity of non-compliance 
{See Fig. 2, Element 62}. 

As for Claim 78, SWOR discloses the computer program as recited in Claim 77 
further comprising a code segment that compiles list of compliance requirements based 
on at least one of Regulatory Requirements, Contractual Requirements, Internal Policy 
Requirements and Spirit/ Letter Requirements {See Fig. 2, Element 74}. 

As for Claim 79, which has the same limitations as in Claim 69, therefore, it is 
rejected for the similar reasons set forth in Claim 69. 

As for Claim 80, which has the same limitations as in Claim 67, therefore, it is 
rejected for the similar reasons set forth in Claim 67. 

As for Claim 81 , SWOR discloses the computer program as recited Claim 76 
further comprising a code segment that summarizes findings in an easily readable 
graphical and table formats {See Fig. 3, Element 622}. 

As for Claim 82, which has the same limitations as in Claim 63, therefore, it is 
rejected for the similar reasons set forth in Claim 63. 
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As for Claim 83, SWOR discloses the computer program as recited Claim 76 
further comprising a code segment that generates management reports for at least one 
of business groups, departments, regions, and countries {See Fig. 3, Element 622}. 

As for Claim 84, SWOR discloses the computer program as recited Claim 76 
further comprising a code segment that identities opportunities for each businesses 
{See Fig. 2, Element 61}. 

As for Claim 85, SWOR discloses the computer program as recited in Claim 76 
wherein the network is a wide area network operable using a protocol including at least 
one of TCP/IP and IPX {See Fig. 2, Element 14}. 

As for Claim 86, SWOR discloses the computer program as recited in Claim 76 
wherein the data is received from the user via a graphical user interface {See Fig. 2, 
Element 12}. 

As for Claim 87, SWOR discloses the computer program as recited in Claim 76 
further that develops questionnaires based on pre-stored comprising a code segment 
assumptions in the database {See Fig. 2, Element 50}. 

As for Claim 88, SWOR discloses the computer program as recited in Claim 76 
wherein the client system and the server system are connected via a network and 
wherein the network is one of a wide area network, a local area network, an intranet and 
the Internet {See Fig. 2, Element 14}. 

As for Claim 89, SWOR discloses the computer program as recited in Claim 76, 
and further comprising a code segment that monitors the security of the system by 
restricting access to unauthorized individuals {See Fig. 2, Element 50}. 
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As for Claim 90, SWOR discloses a database comprising: 
data corresponding to identified potential risks {See Fig. 2, Element 50}; 
data corresponding to prioritization of the risks {See Fig. 2, Element 50}; and 
data corresponding to a mitigation and control plan {See Fig. 2, Element 50}. 
As for Claim 91, SWOR discloses a database according to Claim 90 further 

comprising data corresponding to a cross-functional team {See Fig. 2, Element 61}. 
As for Claim 92, SWOR discloses a database according to Claim 90 further 

comprising data corresponding to a questionnaire regarding compliance {See Fig. 4A, 

Element 643}. 

As for Claim 93, SWOR discloses a database according to Claim 92 further 

i 

comprising data corresponding to interview results in a questionnaire spreadsheet {See 
Fig. 4A, Element 644}. 

As for Claim 94, SWOR discloses a database according to Claim 90 further 
comprising data corresponding to at least one of a current status summary, 
improvement opportunities, action plans, potential best practices, a program summary 
and a policy summary {See Fig. 3, Element 622}. 

As for Claim 95, SWOR discloses a database according to Claim 90 further 
comprising data corresponding to a compliance assessment {See Fig. 2, Element 74}. 

As for Claim 96, SWOR discloses a database according to Claim 90 further 
comprising data corresponding to a quality function deployment assessment score, the 
assessment score calculated as 

process strength rating x severity rating {See Fig. 4A, Element 644}. 



Application/Control Number: 09/848,051 Page 25 

Art Unit: 3629 

As for Claim 97, SWOR discloses a database according to Claim 90 further 
comprising data corresponding to a failure mode and effects analysis matrix {See Fig. 2, 
Element 62}. 

As for Claim 98, SWOR discloses a database according to Claim 90 further 
comprising data corresponding to a risk prioritization matrix, risk prioritization calculated 
as severity 

rating x occurrence rating x detection rating {See Fig. 4A, Element 644}. 

As for Claim 99, SWOR discloses a method for compliance assessment 
comprising the steps of: 

entering, into an electronic interface, identified compliance risks and failure 
modes and root causes associated with the compliance risks {See Fig. 2, Element 61}; 

entering, into the electronic interface, compliance requirements {See Fig. 2, 
Element 62}; and 

requesting, from the electronic interface, a mitigation and control plan {See Fig. 
2, Element 74}. 

As for Claim 100, SWOR discloses a method according to Claim 99 further 
comprising the step of entering into the electronic interface, names of a cross-functional 
team {See Fig. 2, Element 14}. 

As for Claim 101, SWOR discloses a method according to Claim 100 further 
comprising the steps of: 

requesting cross functional team members to complete a compliance 
questionnaire {See Fig. 4A, Element 643}; and 
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requesting, from the electronic interface, a summary of questionnaire results 
{See Fig. 4A, Element 644}. 

As for Claim 102, SWOR discloses a method according to Claim 101 wherein 
said step of requesting a summary of questionnaire results further comprises the step of 
requesting, from the electronic interface, graphed and tabulated results {See Fig. 4A, 
Element 644}. 

As for Claim 103, SWOR discloses a method according to Claim 99 further 
comprising the step of the electronic interface, prioritization of occurrences of non- 
requesting, from compliance in a severity matrix {See Fig. 2, Element 644}. 

As for Claim 104, SWOR discloses a method according to Claim 99 further 
comprising the step of requesting, from the electronic interface, an assessment of 
business routines and controls to determine a quality function deployment (QFD) score 
{See Fig. 4A, Element 642}. 

As for Claim 105, SWOR discloses a method according to Claim 104 wherein the 
QFD score is calculated as process strength rating x severity rating {See Fig. 4A, 
Element 644}. 

As for Claim 106, SWOR discloses a method according to Claim 99 further 
comprising the step of requesting, from the electronic interface, a failure mode and 
effects analysis on a number of compliance requirements risks identified in a risk 
prioritization matrix {See Fig. 4A, Element 642}. 
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As for Claim 107, SWOR discloses a method according to Claim 106 wherein the 
number of compliance requirements risks identified in the risk prioritization matrix is no 
less than three (3) and no more than five (5) {See Fig. 2, Element 74}. 

As for Claim 108, SWOR discloses a method according to Claim 106 further 
comprising the steps of: 

requesting, from the electronic interface, a risk prioritization number {See Fig. 
6D, Element 745}; and 

generating a prioritization of actions for implementation and allocation of 
resources to reduce the risk prioritization number {See Fig. 6D, Element 746}. 

As for Claim 109, SWOR discloses a method according to Claim 108 wherein the 
risk prioritization number is calculated as severity rating x occurrence rating x detection 
rating {See Fig. 2, Element 74}. 

As for Claim 110, SWOR discloses a method according to Claim 108 further 
comprising the step of monitoring risk prioritization numbers using at least one policy 
scorecard {See Fig. 6D, Element 747}. 

As for Claim 1J1, which has the same limitations as in Claim 31, therefore, it is 
being rejected for the similar reasons set forth in Claim 31 . 

As for Claim 1 12, which has the same limitations as in Claim 32, therefore, it is 
being rejected for the similar reasons set forth in Claim 32. 

As for Claim 113, SWOR discloses a system according to Claim 1JJ_ wherein 
said server further configured to: 
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automatically convert a compliance assessment from qualitative to quantitative 
results {See Fig. 2, Element 74}; and 

tabulate and graph the assessment results {See Fig. 2, Element 75}. 

As for Claim 1 14, SWOR discloses a system according to Claim 1 13 wherein 
said server further configured to tabulate and graph the assessment results using at 
least one of a program assessment summary and a policy assessment summary {See 
Fig. 3, Element 622}. 

As for Claim 115 , SWOR discloses a method for assessing a compliance 
program, said method comprising the steps of: 

assembling a cross-functional team for determining what constitutes compliance 
{See Fig. 6D, Element 748}; 

creating a questionnaire including a plurality of binary questions relating to 
compliance and defining what constitutes an affirmative answer to the questions {See 
Fig. 6A2, Element 730}; 

identifying and interviewing process owners for compliance with the compliance 
program {See Fig. 3, Element 62}; 

compiling interview results {See Fig. 3, Element 621}; and 

summarizing the results as an assessment of the compliance program {See Fig. 
3, Element 622}. 

As for Claim 116, THAI discloses a method according to Claim 115 wherein said 
step of creating a questionnaire comprises the step of generating a question owner's 
matrix {See Fig. 4A, Element 642}. 
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As for Claim 117, SWOR discloses a method according to Claim H5 wherein 
said step of compiling interview results comprises the steps of: 

converting the results from qualitative to quantitative {See Fig. 2, Element 74}; 

and 

at least one of tabulating and graphing the results {See Fig. 2, Element 75}. 

As for Claim 118, SWOR discloses a method according to Claim 115 wherein 
said step of summarizing the results as an assessment of the compliance program 
comprises the step of using at least one of a program assessment summary and a 
policy assessment {See Fig. 3, Element 622}. 

Conclusion 

8. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 
I. U.S. Patent: 

1) U.S. Patent No. 5,233,513 (DOYLE) is cited to teach a business modeling, 
software engineering and prototyping method and apparatus, 

2) U.S. Patent No. 6,163,732 (PETKE ET AL.) is cited to teach a system, 
method and computer program products for determining compliance of 
chemical products to government regulations, and 

3) U.S. Patent No. 5,81 9,263 (BROMLEY ET AL.) is cited to teach a financial 
planning system incorporating relationship and group management. 
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Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Cang G. Thai whose telephone number is (571) 272- 
6499. The examiner can normally be reached on 6:30 AM - 3:30 PM. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, John Weiss can be reached on (571) 272-6812. The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 
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